WE CLAIM: 

1. A method of provisioning support for Virtual Private Network (VPN) services, 
centrally, in a network management context, the method comprising the steps of: 

a. establishing a full transport mesh of bi-directional Label Switched Paths 
5 (LSPs) between a plurality of managed Provider Edge (PE) communications 

network nodes in a managed communications network; and 

b. establishing a full signaling mesh of targeted Label Distribution Protocol 
(LDP) signaling sessions between the plurality of PE communications 
network nodes. 

10 2. The method claimed in claim 1, wherein establishing the full transport mesh, the 
method further comprises steps of: 

a. selecting a group of PE communications network nodes participating in the 
managed communications network, each PE communications network node 
comprising a Label Switched Router (LSR); 

15 b. deriving a corresponding plurality of PE communications network node pairs 

from the selected group of PE communications network nodes; and 

c. issuing LSP commissioning commands to each PE communications network 
node in the group to establish an LSP in respect of each corresponding PE 
communications network node pair. 

20 3. The method claimed in claim 2, wherein prior to issuing LSP commissioning 
commands, the method further comprises steps of: 

a. determining whether a managed LSP already exists between a pair of PE 
communications network nodes in the group; 

b. determining whether a provisioning parameter associated with the discovered 
25 LSP complies with a corresponding transport mesh provisioning parameter; 

and 



25 



c. conditionally including the discovered LSP in the transport mesh if 
compliance exists. 

The method claimed in claim 2, wherein commissioning an additional LSP, the 
method further comprises steps of: 

a. selecting a pair of PE communications network nodes from the group; and 

b. issuing LSP commissioning commands to each PE communications network 
node in the pair to establish the additional LSP therebetween. 

The method claimed in claim 2, wherein decommissioning a selected LSP, the 
method further comprises steps of: 

a. determining the two PE communications network nodes corresponding to the 
ends of the selected LSP; 

b. determining whether content is being conveyed via the selected LSP in 
respect of an actively provisioned VPN service; and 

c. selectively issuing LSP decommissioning commands to the two PE 
communications network end nodes if no content is being conveyed via the 
selected LSP. 

The method claimed in claim 2, wherein adding a PE communications network 
node to the group, the method further comprises steps of: 

a. deriving a plurality of PE communications network node pairs, each pair 
including the additional PE communications network node and one of the PE 
communications network nodes in the group; and 

b. issuing LSP commissioning commands to the additional PE communications 
network node and each PE communications network node in the group, to 
establish an LSP corresponding to each PE communications network node 
pair determined. 



The method claimed in claim 2, wherein removing a PE communications network 
node from the group, the method further comprises steps of: 

a. selecting at least one provisioned LSP terminating at the PE communications 
network node to be removed; 

b. determining the two PE communications network nodes corresponding to the 
ends of the at least one selected LSP; 

c. determining whether content is being conveyed via the at least one selected 
LSP in respect of at least one actively provisioned VPN service; 

d. selectively issuing LSP decommissioning commands to the corresponding 
two PE communications network end nodes of the at least one selected LSP 
if no content is being conveyed through the at least one selected LSP; and 

e. excluding the PE communications network node from the group if all 
selected LSPs have been decommissioned. 

The method claimed in claim 1, wherein establishing the full signaling mesh, the 
method further comprises steps of: 

a. selecting a group of PE communications network nodes participating in the 
managed communications network; 

b. deriving a corresponding plurality of PE communications network node pairs 
from the selected group of PE communications network nodes; and 

c. issuing targeted LDP session commissioning commands to each PE 
communications network node in the group to establish a targeted LDP 
session in respect of each corresponding PE communications network node 
pair. 

The method claimed in claim 8, wherein prior to issuing targeted LDP 
commissioning commands, the method further comprises steps of: 



a. determining whether a managed targeted LDP session already exists between 
a pair of PE communications network nodes in the group; and 

b. including the discovered targeted LDP session in the signaling mesh. 

The method claimed in claim 8, wherein commissioning an additional targeted 
LDP session, the method further comprises steps of: 

a. selecting a pair of PE communications network nodes from the group; 

b. optionally selecting a corresponding pair of interfaces, each interface being 
associated with a respective PE communication network node in the pair; 
and 

c. issuing targeted LDP session commissioning commands to each PE 
communications network node in the pair to establish the additional targeted 
LDP session therebetween. 

The method claimed in claim 8, wherein decommissioning a selected targeted 
LDP session, the method further comprises steps of: 

a. determining the two PE communications network nodes corresponding to the 
ends of the selected targeted LDP session; 

b. determining whether signaling information is being conveyed via the 
selected targeted LDP session in respect of at least one actively provisioned 
VPN service; and 

c. selectively issuing targeted LDP session decommissioning commands to the 
two PE communications network end nodes if no signaling information is 
being conveyed via the selected targeted LDP session. 

The method claimed in claim 8, wherein adding a PE communications network 
node to the group, the method further comprises steps of: 
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a. deriving a plurality of PE communications network node pairs, each pair 
including the additional PE communications network node and one of the PE 
communications network nodes in the group; and 

b. issuing targeted LDP session commissioning commands to the additional PE 
communications network node and each PE communications network node 
in the group, to establish a targeted LDP session corresponding to each PE 
communications network node pair determined. 

The method claimed in claim 8, wherein removing a PE communications network 
node from the group, the method further comprises steps of: 

a. selecting at least one provisioned targeted LDP session terminating at the PE 
communications network node to be removed; 

b. determining the two PE communications network nodes corresponding to the 
ends of the at least one selected targeted LDP session; 

c. determining whether signaling information is being conveyed via the at least 
one selected targeted LDP session in respect of at least one actively 
provisioned VPN service; 

d. selectively issuing targeted LDP session decommissioning commands to the 
corresponding two PE communications network end nodes of the at least one 
selected targeted LDP session if no signaling information is being conveyed 
via the at least one selected targeted LDP session; and 

e. excluding the PE communications network node from the group if all 
selected targeted LDP sessions have been decommissioned. 

The method claimed in claim 1, further comprising the step of: ascribing an 
identifier to one of: a transport mesh of LSPs, and a signaling mesh of targeted 
LDP sessions. 

The method claimed in claim 14, further comprising a step of: tracking one of: a 
transport mesh and a signaling mesh in a network management system repository. 
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16. A network management system centrally provisioning full mesh Multiprotocol 
Label Switching (MPLS) connectivity in a managed communications network in 
support of Virtual Private Network (VPN) service provisioning, the network 
management system comprising: 

5 a, a network management system repository tracking managed Provider Edge 

(PE) communications network nodes in the managed communications 
network; 

b. a full content transport Label Switched Path (LSP) mesh configuration and 
provisioning means for managing a plurality of content transport LSPs 

10 between a selected group of managed PE communications network nodes; 

and 

c. a full targeted Label Distribution Protocol (LDP) signaling session mesh 
configuration and provisioning means for managing a plurality of targeted 
LDP signaling sessions between the selected group of PE communications 

1 5 network nodes . 

17. The network management system claimed in claim 16, wherein each PE 
communications network node in the group of managed PE communications 
network nodes comprises a Label Switching Router (LSR). 

18. The network management system claimed in claim 16, wherein the full content 
20 transport LSP mesh configuration and provisioning means comprises a human- 
machine-interface. 

19. The network management system claimed in claim 16, wherein the full targeted 
LDP signaling session mesh configuration and provisioning means comprises a 
human-machine interface. 

25 20. The network management system claimed in claim 16, further comprising one of: 
managed PE communications network node filtering means, and managed PE 
communications network node pair selection means. 
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The network management system claimed in claim 16, further comprising one of: 
LSP discovery means, targeted LDP session discovery means, and LSP parameter 
comparison means. 



